Stanford Security Seminar

Last-level cache side-channel attacks are practical

Yuval Yarom

Abstract:

System virtualisation increases hardware utilisation by sharing the hardware resources between several virtual machines. While these virtual machines are supposed to be isolated from each other, the shared use of the hardware creates side channels which allow malicious virtual machines to collect information about other virtual machines. Previous research has demonstrated techniques for exploiting side channel to steal sensitive information, such as cryptographic keys,. To mitigate against these attacks, virtualisation providers recommend not to share memory between non-trusting virtual machines and to avoid executing non-trusting virtual machines on the same execution core.

In this talk we present a new technique for implementing a side-channel attack that bypasses both these countermeasures. The attack relies on access to the last-level cache which is shared between all the processor cores. Using the technique, a malicious virtual machine can steal the cryptographic keys from a recent version of GnuPG by observing the side channel over a period of a few minutes.

The talk is based on a joint work with Fangfei Liu, Qian Ge, Gernot Heiser and Ruby Lee.